CVE-2018-1789Server-Side Request Forgery in IBM API Connect

CWE-918Server-Side Request Forgery4 documents4 sources
Severity
9.9CRITICALNVD
CNA8.4
EPSS
0.2%
top 61.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM API Connect
Timeline
PublishedSep 7
Latest updateMay 13

Description

IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:LExploitability: 3.1 | Impact: 6.0

Affected Packages2 packages

NVDibm/api_connect2018.1.02018.3.4
CVEListV5ibm/api_connect16 versions+15

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-c3j4-jv4j-wgmf: IBM API Connect v20182022-05-13
CVEList
CVE-2018-1789: IBM API Connect v20182018-09-07

💬Community

1
Bugzilla
CVE-2019-10171 389-ds-base: Insufficient fix for CVE-2018-14648 denial of service in RHEL-7.52019-06-19
CVE-2018-1789 — Server-Side Request Forgery in IBM | cvebase